The following access control instructions (ACIs) grant members of the cn=admins,ou=groups,dc=example,dc=com group the following permissions:
- Add, modify, and delete entries
- Reset passwords
- Read operational attributes, such as isMemberOf and password policy state
aci: (targetattr="+")(version 3.0; acl "Administrators can read, search or compare operational attributes";
  allow (read,search,compare) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "Administrators can add, modify and delete entries";
  allow (all) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
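When reviewing a directory's access control, it helps to list which group each ACI names and which rights it grants. The following Python sketch is an added example, not part of the original documentation: it parses the two ACIs above from folded LDIF and flags any that allow write-class rights on all user attributes. The regular expression, the WRITE_PERMS set and the "broad" flag are assumptions made for this illustration and cover only the ACI shape shown on this page.

```python
import re

# Constructed sample: the page's two ACIs as folded LDIF (RFC 2849:
# a line that starts with one space continues the previous line).
SAMPLE_LDIF = '''\
aci: (targetattr="+")(version 3.0; acl "Administrators can read, search or compare operational attributes";
  allow (read,search,compare) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
aci: (targetattr="*")(version 3.0; acl "Administrators can add, modify and delete entries";
  allow (all) groupdn="ldap:///cn=admins,ou=groups,dc=example,dc=com";)
'''

# Matches only the ACI shape used on this page: one targetattr target,
# one allow/deny clause and one bind rule (an assumption of this example).
ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl "(?P<name>[^"]*)";\s*'
    r'(?P<type>allow|deny)\s*\((?P<perms>[^)]*)\)\s*'
    r'(?P<subject>.+?);\s*\)$'
)

# Rights treated as write-class for the review flag (hypothetical policy).
WRITE_PERMS = {"all", "write", "add", "delete"}

def unfold(ldif):
    """Join folded LDIF lines: a newline followed by one space is removed."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_acis(ldif):
    """Return one dict per aci: value found in the LDIF text."""
    results = []
    for line in unfold(ldif).splitlines():
        if not line.lower().startswith("aci:"):
            continue
        m = ACI_RE.match(line[4:].strip())
        if m is None:
            raise ValueError("unsupported ACI form: " + line)
        perms = [p.strip() for p in m["perms"].split(",")]
        groups = re.findall(r'groupdn\s*=\s*"ldap:///([^"]*)"', m["subject"])
        # Review flag: write-class rights granted on every user attribute.
        broad = (m["type"] == "allow" and m["attrs"] == "*"
                 and bool(WRITE_PERMS & set(perms)))
        results.append({"name": m["name"], "attrs": m["attrs"],
                        "type": m["type"], "perms": perms,
                        "groups": groups, "broad": broad})
    return results

if __name__ == "__main__":
    for aci in parse_acis(SAMPLE_LDIF):
        print(aci["groups"], aci["attrs"], aci["perms"], "broad" if aci["broad"] else "")
```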